[Secure-testing-team] inject-embedded-code-copies

Moritz Muehlenhoff jmm at inutil.org
Wed Aug 26 17:29:10 UTC 2009


On Sun, Aug 23, 2009 at 09:11:51PM -0400, Michael S Gilbert wrote:
> On Mon, 24 Aug 2009 00:59:44 +0000 Michael Gilbert Michael wrote:
> > introduction of inject-embedded-code-copies
> 
> hello, i've noticed that embedded code copies can be troublesome to
> track, so i've developed a script that automatically adds TODOs for
> known code copies to the CVE list.
> 
> i implemented both forward and reverse embeds, but i've commented out
> the reverse embeds section that seems to generate a lot of false
> positives.  maybe this could be of use to someone doing a manual triage.
> 
> anyway, running inject-embedded-code-copies generates about 400 changed
> lines, and i didn't want to push such a big commit without warning.
> following is a sampling of the changes that would be committed.  let me
> know if i should go ahead with that.
> 
> also, i think it would be very useful to add this to the set of scripts
> that are automatically run.

You should redirect the TODOs to a file separate from CVE/list, otherwise
it clutters the list too much.

Cheers,
        Moritz


